safe and satisfied: a new equilibrium

Security First and Foremost

With the use
of mobile devices being at an all-time high and mobile digital media outpacing
desktop computer usage, any business that isn't using mobile devices to reach
its consumers is making very poor business decisions. However, reaching the
customers is not enough - once reached, they must feel safe using your services
and products.

As Safe as a Safe

When it comes
to banking, security has always been a vital factor for both attracting new
customers and ensuring existing ones have a great degree of satisfaction and
trust. With technology advancing in leaps and bounds, so have the threats and
risks connected to it increased. In the world of banking this has meant taking
on an onslaught of malware, corrupted apps, flawed authentication, lost or
stolen devices and all kinds of IT-related fraud.

Security
risks related to banking apps are various and threats may come from some quite
unexpected places. These risks include malware specifically targeting mobile
devices, which can be hidden in both ads and apps and is notoriously difficult
to guard and fight against. Apps themselves may also be vulnerable to exploits,
especially if other apps (e.g. a shopping app) are able to access your banking
app for login information (i.e. username and password). And even free wi-fi,
something we've come to take for granted in public places, can be used to breach
security: all fraudsters have to do is create a wi-fi hotspot and trick you
into using it (e.g. by giving it a name similar to a hotspot you'd normally
use) - and free wi-fi also exposes you to packet sniffers, which collect your
banking details and your personal information (name, address or phone number).

PODCAST: FRAUD TRENDS

Find out more about the current fraud affairs in the cyberspace and payment industry and how Mercury Processing Services International deals with them from Jelena Kolega, Head of Fraud Intelligence Products Department.

Staying on Top of Security

While bank's customers
may be the target of most security threats, banks and financial institutions
themselves are not safe either. Developments such as device fingerprinting and
remote deposit capture have both improved customer experience and increased
security, but they are still not foolproof.

Device fingerprinting means collecting information about the device, which is then stored in a bank’s system to distinguish the true customer from a potential fraudster; while remote deposit capture allows for users to snap a picture of a paper check on their mobile device and deposit a check electronically, thus eliminating trips to the bank. There are rigid customer agreements and monitoring in place for these services, but even these measures can be circumvented so it's vital that banks always stay on top of newest security developments.

Your browser does not support the video.

Staying on top in this context, means not being controlled by the fear that the work of a bank's security team will greatly slow down market plans, and allowing the security team to be involved at the early stages of the app or service development process - this way, many risks can be identified and mitigated even before they become an actual problem or threat.

Fast Changes and Biometrics

With the
current pace of technological development, changes in safety and security are
coming in faster and faster and standards are rushing to meet them. One such
change is biometrics, which is expected to become commonplace as early as 2019,
due to both tech-savviness of the average banking customer and their desire for
a simple and smooth user experience.

But what is
biometrics and how will it change the game with regards to banking security?
Well, in essence, biometrics is a method of personal identification based on
unique biological patterns on and in a customer's body: iris and retina inside
eyes, fingerprints, vein pattern beneath the skin, facial pattern, DNA
sequence, voice print, gait, typing rhythm, etc. By using technology to analyze
these patterns, a bank's systems (e.g. online or mobile banking) can
automatically recognize and verify a customer's identity and allow them access.

Biometrics are the next step in security for several reasons. Firstly, passwords are increasingly losing their reliability. A staggering percentage of security breaches are caused by stolen passwords since many customers pick insecure (i.e. predictable) passwords and so become easy pray for hackers. Secondly, customers themselves have high concerns regarding the security of their mobile banking apps and would view biometric authentication as proof of high security standards.

Biometrics are already being embraced by major players - Wells Fargo's mobile banking apps feature eye-scanning technology, Citigroup has deployed voice authentication, and Bank of America is making good use of fingerprint scanners.

Biometrics, however, are not flawless and there are some limitations to the practical application: face recognition depends on the light conditions, fingerprint authentication may not work in case of a finger injury, an illness or noise may affect voice recognition, colored contact lenses may prevent iris scans. But even without 100% effectiveness, biometrics are still far more effective than passwords alone which is why there is an increase in instances of two-step authorizations, i.e. banks using biometrics in conjunction with passwords - for example, a biometric scan will allow you access to your banking app, but a password is required to initiate a digital money transfer.

The Machine Will Learn

And finally,
the need for security is no longer imaginable without machine learning and AI,
which are not only already watching financial traffic to detect fraud but are
now also searching the web to gather knowledge on how to fight against it.
Since computers can now not only read digits or text but also understand the
context, they can predict a user’s behavior.

By using both
historical and live data to create patterns for a customers’ behavior, computers
can now detect suspicious transactions and also make accurate fraud
predictions. What happens is this: the system creates deep profiles of
customers based on gathered data, integrating historical data with streaming
information, and analyses it in real-time to make the most accurate predictions
and prevent fraud attempts. It also learns from every transaction, which means
its accuracy will greatly increase over time.

It's
extremely useful with multi-channel payments (e.g. when your customers pay both on your website and via mobile apps) and it allows a look at more granular
information a human analyst might miss when checking transactions manually.

Yes, sometimes genuine orders may be rejected because
they aren’t tailored to the typical behavior pattern, but while machine learning
isn’t perfect it can still solve many problems and is one of the best methods
for increasing both your customer base and customer satisfaction.

PODCAST: SECURITY MEASURES

Learn more
about security measures at Mercury Processing Services International from Vinko Zlomislić, Information security expert.